this post was submitted on 06 Mar 2024
320 points (87.2% liked)

Privacy

31871 readers
248 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

It was a many months transition, and it's finally done

Fun thing, you can actually make a backup of all* your messages, groups, contacts, etc. So before leaving you can have all of your data in case you need that one contact or something

The final red flag was as that allegedly Russian authorities were messing with people's deleted messages. Not for the first time there are news that they could read, modify, delete, see location, and etc. Screw it, this is unsafe, I'm out.

Also, these days telegram is really at the state of a pile of garbage, bloated, buggy, and shady messenger.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 60 points 8 months ago* (last edited 8 months ago) (8 children)

The final red flag was as that allegedly Russian authorities were messing with people's deleted messages.

I don't know about "Russian authorities", but the fact remains that if you can login anywhere and see your messages, then your ~~public~~ private key is stored in the server.

Since Telegram requires authorization from an extant connection, I don't know if that means your public key isn't stored on the servers and it's being sent from the authorizing device, or if that device is merely authorizing the Telegram servers to transmit that key to the new device.

Since they have a full e2e chat feature (Private Chats), I'm going to assume the latter.

So anyone who can get those keys can gain access to your chats.

I still say Telegram is far superior to anything from Fuckbook/Meta, because it's not integrated into everying you do (even those of us who've never once been on Facebook, and yet have ghost profiles), not to mention the Facebook app integrated into Android on many vendor phones.

Even so, know Telegram for what it is - not ideal, just better than WhatsApp, and a step along the path to moving to more secure and privacy-respecting apps.l

[–] [email protected] 40 points 8 months ago (1 children)

then your public key is stored in the server

Did you mean private key?

[–] [email protected] 9 points 8 months ago

I automatically read it as private key, good catch

load more comments (7 replies)
[–] [email protected] 52 points 8 months ago (13 children)

Why did Telegram get so popular in the privacy scene compared to Signal in the first place? To my knowledge Signal came out first and never had a history of breaches or leaks.

[–] [email protected] 24 points 8 months ago (1 children)

I can't speak for the privacy scene but in my country it's pretty popular merely because of anonimity (which boils down to not having to use a phone number) and Discord-like server/groups. For porn and other NSFW content, it is pretty popular.

[–] [email protected] 8 points 8 months ago (3 children)

Ah I did not know Signal required a phone number compared to Telegram not requiring one. Thanks.

[–] [email protected] 24 points 8 months ago (1 children)

Telegram still requires a phone number to sign up, but they have had usernames that can be used to contact people without needing their phone number. Signal is only now finally rolling out usernames.

[–] [email protected] 6 points 8 months ago

And they still want your phone number.

[–] [email protected] 7 points 8 months ago

At least they have usernames now..

load more comments (1 replies)
[–] [email protected] 12 points 8 months ago

Telegram got its popularity because of piracy and having your chats on cloud. It was never intended to give privacy to user but due to WhatsApp breaches they started promoting telegram as a secured chat app which is a toatal joke till this day.

[–] [email protected] 11 points 8 months ago (1 children)

Telegram, while often hyped as high privacy/security got popular because it was/is fully featured and isn't Google or Facebook. That's it

It's less invasive, less annoying, and can do all the stuff like gifs and stickers. So it was very easy to get people onto compared to pretty much anything that was actually private or secure.

Once enough people started using it, it snowballed into its own monolith of bloat.

load more comments (1 replies)
[–] [email protected] 10 points 8 months ago (1 children)

Honestly, UI and PC client experience.

I find the UI in signal a bit off putting. Telegram grabs you with their funky stickers, clean UI and dumb features. I alps hate that Signal won't bother copying the messages to a new client.. Like, I have a 1Gbps connection, surely we can copy my chat histories from my phone to my PC? Nope, gotta start fresh on every new client..

If they did less dumb shit like adding statuses, and put some more effort into making the UI nice, more people would use it.

And I get these are dumb reasons, but they're real none the less

[–] [email protected] 12 points 8 months ago

I think Signal shot themselves squarely in the dick by removing SMS functionality.

Previously, you could use Signal as the primary SMS/messenger app. Any conversations with other Signal clients secure. Conversations in SMS/MMS? Marked as not-secure.

But, out of some purity concerns, SMS functionality was removed and the dev team focused on adding useless shit like "stickers" and then the pin-code harassment.

Signal adoption plummeted as intended (?)

[–] [email protected] 7 points 8 months ago* (last edited 8 months ago)

Maybe because it offers public chats and channels? Something other apps lack.

Also the best desktop experience out of all apps I've tried.

load more comments (8 replies)
[–] [email protected] 35 points 8 months ago (2 children)

Nobody in this entire thread of FUD has posted a single link to support any claim of Russian data intrusion.

load more comments (2 replies)
[–] [email protected] 30 points 8 months ago (4 children)

I posted this down below in a comment thread but I'm afraid it won't be seen and not enough people know about this.

Session was at first a fork of Signal without usernames.

Now by design it uses their own custom tor-like service (instead of just... using tor) and does not support forward secrecy or deniable authentication, so anyone who collects the messages in transit can either find a vulnerability in the encryption scheme, or spend enough GPU resources to crack it, and they have confirmation of who sent and received the message and what the contents of the message are. And is headquartered in Australia, which is 5EYES and much more against encryption than the US. Oh, and the server is closed-source.

Regarding Australia's 2018 bill...

The Australian Parliament passed a contentious encryption bill on Thursday to require technology companies to provide law enforcement and security agencies with access to encrypted communications. Privacy advocates, technology companies and other businesses had strongly opposed the bill, but Prime Minister Scott Morrison’s government said it was needed to thwart criminals and terrorists who use encrypted messaging programs to communicate.

Regarding the 'vulnerability or cracking them later' bit...

Messages that are sent to you are actually sent to your swarm. The messages are temporarily stored on multiple Service Nodes within the swarm to provide redundancy. Once your device picks up the messages from the swarm, they are automatically deleted from the Service Nodes that were temporarily storing them.

From Session's own FAQ:

Session clients do not act as nodes on the network, and do not relay or store messages for the network. Session’s network architecture is closer to a client-server model, where the Session application acts as the client and the Service Node swarm acts as the server. Session’s client-server architecture allows for easier asynchronous messaging (messaging when one party is offline) and onion routing-based IP address obfuscation, relative to peer-to-peer network architectures.

I wouldn't touch it with a 12ft ladder.

[–] [email protected] 8 points 8 months ago* (last edited 8 months ago)

The thing I find most suspicious is their "onion routing". An average Joe like me cannot run a node like he can do with I2P or Tor. There is a gigantic upfront payment for that. So that ensures the nodes would be run by crypto bros, companies and governments.

load more comments (3 replies)
[–] [email protected] 28 points 8 months ago (1 children)

The final red flag was as that allegedly Russian authorities were messing with people’s deleted messages

I'm gonna need a source on that, since the creator himself was persecuted and telegram had layers of fake companies to stop Putin from getting to it.

[–] [email protected] 17 points 8 months ago* (last edited 8 months ago)

Here's what I found:

Over the past year, numerous dissidents across Russia have found their Telegram accounts seemingly monitored or compromised. Hundreds have had their Telegram activity wielded against them in criminal cases. Perhaps most disturbingly, some activists have found their “secret chats”—Telegram’s purportedly ironclad, end-to-end encrypted feature—behaving strangely, in ways that suggest an unwelcome third party might be eavesdropping. These cases have set off a swirl of conspiracy theories, paranoia, and speculation among dissidents, whose trust in Telegram has plummeted. In many cases, it’s impossible to tell what’s really happening to people’s accounts—whether spyware or Kremlin informants have been used to break in, through no particular fault of the company; whether Telegram really is cooperating with Moscow; or whether it’s such an inherently unsafe platform that the latter is merely what appears to be going on. ... Elies Campo, who says he directed Telegram’s growth, business, and partnerships for several years, confirmed this general characterization to WIRED, as did a former Telegram developer. In other words, Telegram has the capacity to share nearly any confidential information a government requests. Users just have to trust that it won’t.

https://www.wired.com/story/the-kremlin-has-entered-the-chat/

[–] [email protected] 23 points 8 months ago (3 children)

I never got with these russian authority claims. Telegram is not based in russia, sure its founders are born in russia but they have taken citizenship of France for a long time now, its based in saudi arabia. I never saw a single proof of them giving data to russian authorities, they were banned in russia for that iirc but eventually got unbanned due to mass adoption. At this point these russian claims just seem racism to me.

[–] [email protected] 15 points 8 months ago (1 children)

It's the usual foreign fearmongering. It's never phrased this way if the subject is a western company (even though we know they cooperate with the US government).

[–] [email protected] 6 points 8 months ago

Specially since we know for a fact that Meta hands over any and all information the US government wants from all their apps.

load more comments (2 replies)
[–] [email protected] 21 points 8 months ago* (last edited 8 months ago) (7 children)

I only use it for porn groups🗿

[–] [email protected] 7 points 8 months ago (1 children)

Now, where might one find those? For science, of course...

load more comments (1 replies)
load more comments (6 replies)
[–] [email protected] 20 points 8 months ago (2 children)

I have been living under a rock, what happened to Telegram?

load more comments (2 replies)
[–] [email protected] 12 points 8 months ago* (last edited 8 months ago) (5 children)

I must agree on the bloated part. Telegram was awesome before Pavel got greedy and added more and more stuff that are just not related to any chat service, for an example payments and crypto.

I installed Snikket on my server few weeks ago and are now trying to move everyone to it. It seems to be a very slow process, though.

But I might keep Telegram only for the porn channels. Mighty good stuff!

By the way. Do you have the source for your claim that Russian authorities were messing with people's deleted messages?

load more comments (5 replies)
[–] [email protected] 12 points 8 months ago* (last edited 8 months ago) (11 children)

Good for you. I still don't know how to move my friends and relatives to Signal. Any tips with that?

[–] [email protected] 11 points 8 months ago* (last edited 8 months ago) (1 children)

One day I said that in the future I will only be available via Signal. If not there then there is still SMS. And so far everyone I have contact with regularly installed it eventually.

load more comments (1 replies)
[–] [email protected] 8 points 8 months ago (2 children)

Easy! Just replace their usual SMS app with Signal, and then every contact they have that does use Signal is private and secure!

Oh. Wait. That's exactly the functionality that Signal removed in their effort to ensure that Signal is never widely adopted.....

load more comments (2 replies)
load more comments (9 replies)
[–] [email protected] 10 points 8 months ago (1 children)

Russian authorities usually just hijack login sms confirmation codes. This is a common practice in Russia. Not denying that something else shady might be going on, but I do know mobile providers there don't even bother to ask why - they just provide shit on demand.

load more comments (1 replies)
[–] [email protected] 8 points 8 months ago (1 children)

Back to Facebook messenger?

[–] [email protected] 8 points 8 months ago (7 children)
load more comments (7 replies)
[–] [email protected] 7 points 8 months ago (3 children)

Am i the only one who doesnt use telegram for porn

[–] [email protected] 9 points 8 months ago

Nah.

I use it for drugs.

load more comments (2 replies)
[–] [email protected] 6 points 8 months ago

A lot of speculation that does end with this in the article:

"After discussing her case with experts, Matsapulina now believes her Telegram messages may have been compromised by a form of spyware. When she was told that a hacking device would need to be physically nearby to infiltrate her phone, a memory resurfaced: At times before her arrest, she had noticed an unmarked truck with a dome on its roof parked outside her building. She had even jokingly mentioned it to friends on Telegram. Now, she remembered, as the police were banging on her door that morning, she’d spotted the same mystery vehicle parked outside. By the time the police stormed her home, the vehicle was gone.

Matsapulina has since started using Telegram again."

Most messaging apps are vulnerable on the client side with spyware, no matter what E2EE exists along the way.

[–] [email protected] 6 points 8 months ago (5 children)

What happened with Telegram? I'm unfamiliar with those particular rumors.

... But also definitely not a fan of it in general. Their app has had terrible encryption (when it's even used) for a long time.

load more comments (5 replies)
load more comments
view more: next ›